firewall-manager: changing the zone an interface belongs to
When we want to change the zone an interface belongs to, we can't use firewalld's addInterface(), because it doesn't allow adding an interface to a zone when the interface is already part of some other (or the same) zone. We need to use the changeZone() method instead - hopefully this is the final name of this method.
parent
b2d4f66dd3
commit
128695c447
4 changed files with 41 additions and 34 deletions
|
|
@ -73,7 +73,7 @@ cb_info_free (CBInfo *info)
|
|||
}
|
||||
|
||||
static void
|
||||
add_cb (DBusGProxy *proxy, DBusGProxyCall *call_id, gpointer user_data)
|
||||
add_or_change_cb (DBusGProxy *proxy, DBusGProxyCall *call_id, gpointer user_data)
|
||||
{
|
||||
CBInfo *info = user_data;
|
||||
GError *error = NULL;
|
||||
|
|
@ -83,7 +83,7 @@ add_cb (DBusGProxy *proxy, DBusGProxyCall *call_id, gpointer user_data)
|
|||
G_TYPE_STRING, &zone,
|
||||
G_TYPE_INVALID)) {
|
||||
g_assert (error);
|
||||
nm_log_warn (LOGD_FIREWALL, "(%s) firewall zone add failed: (%d) %s",
|
||||
nm_log_warn (LOGD_FIREWALL, "(%s) firewall zone add/change failed: (%d) %s",
|
||||
info->iface, error->code, error->message);
|
||||
}
|
||||
|
||||
|
|
@ -94,18 +94,19 @@ add_cb (DBusGProxy *proxy, DBusGProxyCall *call_id, gpointer user_data)
|
|||
}
|
||||
|
||||
gpointer
|
||||
nm_firewall_manager_add_to_zone (NMFirewallManager *self,
|
||||
const char *iface,
|
||||
const char *zone,
|
||||
FwAddToZoneFunc callback,
|
||||
gpointer user_data1,
|
||||
gpointer user_data2)
|
||||
nm_firewall_manager_add_or_change_zone (NMFirewallManager *self,
|
||||
const char *iface,
|
||||
const char *zone,
|
||||
gboolean add, /* TRUE == add, FALSE == change */
|
||||
FwAddToZoneFunc callback,
|
||||
gpointer user_data1,
|
||||
gpointer user_data2)
|
||||
{
|
||||
NMFirewallManagerPrivate *priv = NM_FIREWALL_MANAGER_GET_PRIVATE (self);
|
||||
CBInfo *info;
|
||||
|
||||
if (priv->running == FALSE) {
|
||||
nm_log_dbg (LOGD_FIREWALL, "(%s) firewall zone add skipped (not running)", iface);
|
||||
nm_log_dbg (LOGD_FIREWALL, "(%s) firewall zone add/change skipped (not running)", iface);
|
||||
callback (NULL, user_data1, user_data2);
|
||||
return NULL;
|
||||
}
|
||||
|
|
@ -116,10 +117,10 @@ nm_firewall_manager_add_to_zone (NMFirewallManager *self,
|
|||
info->user_data1 = user_data1;
|
||||
info->user_data2 = user_data2;
|
||||
|
||||
nm_log_dbg (LOGD_FIREWALL, "(%s) firewall zone add -> %s", iface, zone );
|
||||
nm_log_dbg (LOGD_FIREWALL, "(%s) firewall zone %s -> %s", iface, add ? "add" : "change", zone);
|
||||
return dbus_g_proxy_begin_call_with_timeout (priv->proxy,
|
||||
"addInterface",
|
||||
add_cb,
|
||||
add ? "addInterface" : "changeZone",
|
||||
add_or_change_cb,
|
||||
info,
|
||||
(GDestroyNotify) cb_info_free,
|
||||
10000, /* timeout */
|
||||
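Review bot: The failure warning in add_or_change_cb now reads "add/change failed", so the log cannot say which firewalld method was rejected; the `add` flag is only consumed when the call is issued in nm_firewall_manager_add_or_change_zone and, as far as these hunks show, is not kept in CBInfo. A failed call presumably leaves the interface in whatever zone it was in before, so this warning is what an operator would rely on to spot a zone mismatch. Consider recording the method name in a new CBInfo field when the call is set up, e.g. `info->method = add ? "addInterface" : "changeZone";`, and logging it with `"(%s) firewall %s failed: (%d) %s"`. The CBInfo definition and the remainder of both functions lie outside the hunks shown.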
|
|
|
|||
|
|
@ -60,12 +60,13 @@ typedef void (*FwAddToZoneFunc) (GError *error,
|
|||
gpointer user_data1,
|
||||
gpointer user_data2);
|
||||
|
||||
gpointer nm_firewall_manager_add_to_zone (NMFirewallManager *mgr,
|
||||
const char *iface,
|
||||
const char *zone,
|
||||
FwAddToZoneFunc callback,
|
||||
gpointer user_data1,
|
||||
gpointer user_data2);
|
||||
gpointer nm_firewall_manager_add_or_change_zone (NMFirewallManager *mgr,
|
||||
const char *iface,
|
||||
const char *zone,
|
||||
gboolean add,
|
||||
FwAddToZoneFunc callback,
|
||||
gpointer user_data1,
|
||||
gpointer user_data2);
|
||||
gpointer nm_firewall_manager_remove_from_zone (NMFirewallManager *mgr,
|
||||
const char *iface,
|
||||
const char *zone);
|
||||
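Review bot: The new `gboolean add` parameter is undocumented in the header; the only explanation (`TRUE == add, FALSE == change`) sits in the .c definition. A comment above the prototype should state that TRUE issues addInterface and FALSE issues changeZone. It should also say that when firewalld is not running the callback is invoked immediately with a NULL error and NULL is returned, so a NULL error does not prove the zone was applied. The callback typedef is still named FwAddToZoneFunc although it now serves both operations; renaming it is optional but would keep the API consistent.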
|
|
|
|||
|
|
@ -2742,9 +2742,10 @@ fw_add_to_zone (NMDevice *self, int family)
|
|||
connection = nm_device_get_connection (self);
|
||||
g_assert (connection);
|
||||
s_con = nm_connection_get_setting_connection (connection);
|
||||
priv->fw_call = nm_firewall_manager_add_to_zone (priv->fw_manager,
|
||||
priv->fw_call = nm_firewall_manager_add_or_change_zone (priv->fw_manager,
|
||||
nm_device_get_ip_iface (self),
|
||||
nm_setting_connection_get_zone (s_con),
|
||||
TRUE,
|
||||
fw_add_to_zone_cb,
|
||||
self,
|
||||
GINT_TO_POINTER (family));
|
||||
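Review bot: fw_add_to_zone still hard-codes `TRUE`, i.e. addInterface, which the commit message says is refused when the interface already belongs to a zone. If an interface can reach activation while still bound to a zone (for example after a NetworkManager restart with firewalld left running; not verifiable from this hunk), the call fails and the interface keeps its previous zone rather than the one configured for the connection. What happens then depends on fw_add_to_zone_cb, which is outside the hunk; it is worth confirming that a failure there is not treated as success. At minimum, annotate the argument as the other call sites do: `TRUE, /* add zone */`.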
|
|
|
|||
|
|
@ -1251,7 +1251,7 @@ connections_loaded (NMSettings *settings, gpointer user_data)
|
|||
}
|
||||
|
||||
static void
|
||||
add_to_zone_cb (GError *error,
|
||||
add_or_change_zone_cb (GError *error,
|
||||
gpointer user_data1,
|
||||
gpointer user_data2)
|
||||
{
|
||||
|
|
@ -1265,23 +1265,25 @@ add_to_zone_cb (GError *error,
|
|||
}
|
||||
|
||||
static void
|
||||
inform_firewall_about_zone (NMPolicy *policy, NMConnection *connection)
|
||||
firewall_update_zone (NMPolicy *policy, NMConnection *connection)
|
||||
{
|
||||
NMSettingConnection *s_con = nm_connection_get_setting_connection (connection);
|
||||
GSList *iter, *devices;
|
||||
|
||||
devices = nm_manager_get_devices (policy->manager);
|
||||
/* find dev with passed connection and change zone its interface belongs to */
|
||||
for (iter = devices; iter; iter = g_slist_next (iter)) {
|
||||
NMDevice *dev = NM_DEVICE (iter->data);
|
||||
|
||||
if ( (get_device_connection (dev) == connection)
|
||||
&& (nm_device_get_state (dev) == NM_DEVICE_STATE_ACTIVATED)) {
|
||||
nm_firewall_manager_add_to_zone (policy->fw_manager,
|
||||
nm_device_get_ip_iface (dev),
|
||||
nm_setting_connection_get_zone (s_con),
|
||||
add_to_zone_cb,
|
||||
g_object_ref (dev),
|
||||
NULL);
|
||||
nm_firewall_manager_add_or_change_zone (policy->fw_manager,
|
||||
nm_device_get_ip_iface (dev),
|
||||
nm_setting_connection_get_zone (s_con),
|
||||
FALSE, /* change zone */
|
||||
add_or_change_zone_cb,
|
||||
g_object_ref (dev),
|
||||
NULL);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -1296,18 +1298,20 @@ firewall_started (NMFirewallManager *manager,
|
|||
GSList *iter, *devices;
|
||||
|
||||
devices = nm_manager_get_devices (policy->manager);
|
||||
/* add interface of each device to correct zone */
|
||||
for (iter = devices; iter; iter = g_slist_next (iter)) {
|
||||
NMDevice *dev = NM_DEVICE (iter->data);
|
||||
|
||||
connection = get_device_connection (dev);
|
||||
s_con = nm_connection_get_setting_connection (connection);
|
||||
if (nm_device_get_state (dev) == NM_DEVICE_STATE_ACTIVATED) {
|
||||
nm_firewall_manager_add_to_zone (policy->fw_manager,
|
||||
nm_device_get_ip_iface (dev),
|
||||
nm_setting_connection_get_zone (s_con),
|
||||
add_to_zone_cb,
|
||||
g_object_ref (dev),
|
||||
NULL);
|
||||
nm_firewall_manager_add_or_change_zone (policy->fw_manager,
|
||||
nm_device_get_ip_iface (dev),
|
||||
nm_setting_connection_get_zone (s_con),
|
||||
TRUE, /* add zone */
|
||||
add_or_change_zone_cb,
|
||||
g_object_ref (dev),
|
||||
NULL);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -1319,7 +1323,7 @@ connection_updated (NMSettings *settings,
|
|||
{
|
||||
NMPolicy *policy = (NMPolicy *) user_data;
|
||||
|
||||
inform_firewall_about_zone (policy, connection);
|
||||
firewall_update_zone (policy, connection);
|
||||
|
||||
/* Reset auto retries back to default since connection was updated */
|
||||
set_connection_auto_retries (connection, RETRIES_DEFAULT);
|
||||
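Review bot: In the firewall_started hunk, `connection = get_device_connection (dev);` and `s_con = nm_connection_get_setting_connection (connection);` run before the NM_DEVICE_STATE_ACTIVATED check, so they execute for every device, including ones that presumably have no active connection. If get_device_connection can return NULL for such devices (its body is not visible here), the setting lookup is called with NULL on each firewalld start. Moving both assignments inside the `if (nm_device_get_state (dev) == NM_DEVICE_STATE_ACTIVATED)` block avoids that. firewall_started begins outside the hunk.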
|
|
|
|||